Comodo Cleaning Essentials BETA Bug Reports

Hi Tarnak,

What is the DefenseWall status for CCE? I noticed that you ran KillSwitch Untrusted.

Thanks.

What is a file size limit?? I have a gg.exe (Gadu-gadu), size file is a 12MB, verdict is a “FLS Absent”. Verdict DACS is a “File tool Large”.

Hi JoWa, I have the CCE folder as trusted, but for some reason I can’t get the CCE and Killswitch exe’s to run as trusted. I must be doing something wrong with the settings in DW.

I tried (on a virtual system) to right-click on CCE.exe and KillSwitch.exe > DefenseWall > Run as trusted. Or, DefenseWall > Change status to trusted, and then run it. Works for me.

That is what I do, but then it becomes untrusted as per… ??? :-[

[attachment deleted by admin]

same problem here.

windows vista sp2 32 bit , sandboxie , norton av 2011 , cis5.3

and the full scan is way tooo long!! , it took almost 7 hours to finish !!!.

I have about 120 gigabyte of data stored on the hard-drive.

[attachment deleted by admin]

And also in the results page it says it’s a DACS error and timeout results !!!

how come the DACS get a result after timing out error message ??!

by the way , these are false positive.

[attachment deleted by admin]

I have worked it out…I had to go and change all the .cav extensions in the scanners folder to Defensewall > Change status to trusted. I will try running a scan tomorrow.

P.S I checked the DW events log, and found the problem, highlighted.

[attachment deleted by admin]

My OS is WinXP SP3, with CIS5 (AV Disabled), Emisoft Antimalware (AV only), Zemana Antilogger.

I opened Killswitch and tried to end A2service.exe (a component of Emisoft AM) via Terminator. The first time the results were a red X for TP1, TP2, Green check for TT1. Process still was running.

I ran Terminator a second time and got a green check for Tp1. Process still runs.

I then double clicked all the ID’s, got all green checks- Process still runs.

It is ending the process; it’s just restarting each time you do it. Check if the PID is changing.

1. Windows 7 Ultimate 32-Bit, fully updated.
2. Avast 5 Free Edition, Secunia PSI Free, Windows Firewall, And Peer Block.
3. Everytime CCE is doing a Full Scan it stops working/freezes/crashes, in the lastest beta.
4. So far I have done nothing to resolve the issue except for setting it to do a full scan again, restarting the computer, and waiting until it stops working/freezes/crashes; also I noticed that the computer runs very slow during scans and CCE is using over 1GB of RAM.
   My computer is currently clean according to these on demand scanners: Malwarebytes, Avast, Emsisoft, Hitman Pro, Norton Power Eraser, and Super Anti-Spyware; though my computer may be damaged after a malware infection I had a week ago when some malware got past CIS even when set to heuristics on High. (it was a few trojans, rootkits, and a bootkit)
5. Partial crash dump provided.
6. Screenshots provided.

[attachment deleted by admin]

i dont if it is a bug i had but the terminator failed to terminate two processes of trusted programs:
i was in skype and then it crashed and i couldnt log into it again because the process was still running, so i started killswitch and tried to terminate it
terminator ran all tasks with a red cross in front of it
after this i started a program to make a screenshot for you to show it to you but the programm also crashed after some pop-ups by defense+ and tried to terminate it too but it couldnt be terminated to
so i think there should be some stronger methods to terminate processes if its possible

It sounds like you have a bad driver or a rootkit, which is causing programs to hang in kernel-mode. There is no safe way to terminate processes in this state.

Or you may have simply blocked KillSwitch with your AV, accidentally…

1. Windows 7 Home Premium 32bit
2. Comodo Antivirus 5.3 (Internet Security) with only Defense+ enabled (Safe Mode)
3. Ran custom scan (see attatched screenshot) scan with CCE found two files, unselected one and left the other to remove (the video file). Asked to reboot, reboot and CCE removed (disinfected) some registry keys and the one file that I wanted deleted.
4. How you tried to resolve the problem: N/A
5. Upload Memory Dumps on crash if you encounter any N/A
6. Attach screenshots to your posts to clarify the issue further: see attatched
7. When showing me the result screen after the custom scan it only showed two files, one that I unselected and the one video file shown in the screenshot. It did not show or ask me about any registry keys or other files.

I guess this is more of a false positive, but I think CCE should have shown the registry keys in the results summary, but it didn’t and “disinfected” them on reboot, so that seems like a bug to me.

Edit: cce_1.2.174769.31_x32

EDIT: The only bug here is my vision! I didn’t read the part that said when CCE wanted to reboot: “will continue to search” Yeesh I guess I should learn to read before clicking away!

My apologies! I did reinstall the same program (Vmware converter) that the original registry keys were from and this time it did not detect and disinfect them, so seems to me everything worked as it should.

Thank you for such a great program!

[attachment deleted by admin]

1. Windows 7 Ultimat 32bit
2. Comodo Antivirus 5.3 (Internet Security) with only Defense+ enabled
3. Scans a file that does not exist.
   at C: \ Config.sys and is consumed almost 2Gb ram
4. How you tried to resolve the problem: N/A
5. Upload Memory Dumps on crash if you encounter any N/A
6. Attach screenshots to your posts to clarify the issue further: see attatched

[attachment deleted by admin]

The file exist; you have to enable option "Show hidden files, folders and drives: Start → Computer → Organize - > Folder and search options → View tab.

1. Your Operating System (32 or 64 bit) and Service Pack revision

Windows 7 ultimate, 32bit, Service Pack: N/A

2. Other Security and Utility Software Installed

CIS Version 5.3.174622.1216 Virus Database: 7289

3. Step by step description to reproduce the issue

The problem is "Kill Switch" Version 1.2174769.31 Palemoon browser (firefox varient) 3.6.13 http://www.softpedia.com/progDownload/Pale-Moon-Download-141741.html

1. open "palemoon
2. open “killswitch”
3. double click on “palemoon.exe” on the main screen in “killswitch”
4. In “handle” tab
5. click on the first turquise color(light blue green color) File: \Device\Afd 0x1c8
6. click the “properties” 5 times
7. Click O.K.
8. Click on “security” tab
9. Click on “advanced”
10. Move the screen up about 2-3 inches
11. click on "cancel
12. In “Handle Properties” Click on “Cancel” <—Now it won’t close (It won’t matter what you click on
13. Now Kill SWitch won’t close “Handle Properties”. Only if you right click on the “killswitch” icon by the “startmenu” and click on close. <–Only then it will close

also another similar bug, Follow the same as step (1 - 4)
5) on step 5, click on the black highlighted one
6) click on “properties” 5 times
7) click on O.K.
8) click on “security”
9) Now your stuck with that screen

4. How you tried to resolve the problem

Only if you right click on the "killswitch" icon by the "startmenu" and click on close. <--Only then it will close

5. Upload Memory Dumps on crash if you encounter any (see on bottom on how to do a memory dump or forced it to product a memory dump) <--This makes it easier for the delvopers to fix stubbern bugs, freezes, glitchs and such WITH THE BUG REPORT(not required but very very helpfull) (((If you don't want to post the link to the memory dump, then PM a Mod with the link for the dump))))

There was NO crash and I didn't force a memory dump either, but if you like I can restart the computer, repoduce the bug and then force a memory dump, if needed :)

6. Attach screenshots to your posts to clarify the issue further

There's 4 pictures

7. Any other information you think that might be useful

This only seems affects items that say "analyzing" and have highlighted items

===============================================================
P.S. On a totally separate issue, Correct me if I’m wrong, If you look at The first picture Under “Verdict”. The word "analysing should be spelled "analyzing. The letter “s” needs to be replaced with “z”

[attachment deleted by admin]

I’m already aware of this bug. It’s related to file objects opened for synchronous I/O.

I'm already aware of this bug. It's related to file objects opened for synchronous I/O.

I’ll check to see if it’s been reported before I post one (From Now On) <–Sorry, I wasn’t thinking of that, It took me 10 minutes to figure out how to reproduce it step-by-step. I just posted it without thinking twice

No, it hasn’t been reported here before. I meant, as the developer of Process Hacker, I’m aware of this issue. Just letting you know.